Healthcare Information Security

OIG

OIG Finds Vulnerabilities in HHS Security Controls, Detection

March 13, 2019 - The Department of Health and Human Services’ Operating Divisions (OPDIVs) needs to improve its security controls to more effectively detect and prevent cyberattacks, according to a new Office of Inspector General report. Officials said they conducted audits during fiscal years 2016 and 2017 at eight OPDIVs sites by pen testing network and web applications. The goal was to...


More Articles

OIG Finds Security Risks in NIH Data Sharing Processes, Controls

by Jessica Davis

The Department of Health and Human Services’ Office of the Inspector General discovered risks in the ways the National Institutes of Health shares its sensitive data, including the controls of permitted access to sensitive NIH...

DoD Health Agency Security Flaws Put Patient Data at Risk, OIG Finds

by Jessica Davis

The Department of Defense Health Agency (DHA) failed to consistently implement security measures to protect the systems that stored, processed, and transmitted electronic health record and patient information, according to a DoD...

FDA Needs Procedures for Recalls of Vulnerable Medical Devices

by Fred Donovan

HHS OIG is recommending that the FDA establish and maintain procedures for handling recalls of vulnerable medical devices that can be exploited by attackers or other unauthorized users. In addition, OIG advises the FDA to establish...

HSCC Wants Healthcare Cybersecurity Waiver to Anti-kickback Rules

by Fred Donovan

The Healthcare Sector Coordinating Council (HSCC) asked the HHS OIG for a waiver to the anti-kickback rules to enable the donation of healthcare cybersecurity technology and services to improve the cybersecurity of smaller healthcare...

Mistakes, Not Hacks, Make Up Bulk of Medicaid Data Breaches

by Fred Donovan

Most of the Medicaid data breaches that state agencies and their contractors reported in 2016 disclosed information about a single individual and often resulted from misdirected letters or faxes, according to a report released last week by...

OIG Forms Team to Protect HHS, Boost Cybersecurity Best Practices

by Fred Donovan

The HHS OIG has formed a multidisciplinary cybersecurity team composed of auditors, evaluators, investigators, and attorneys from various HHS agencies to help protect department data and systems and foster cybersecurity best practices...

CMS Needs To Beef Up Risk Management for Medicare Database

by Fred Donovan

The Centers for Medicare and Medicaid Services (CMS) needs to improve its risk management oversight and security controls to ensure the availability of the Medicare enrollment database (EDB), concluded an HHS Office of Inspector General...

OIG Backs FDA Process Changes To Boost Medical Device Security

by Fred Donovan

To improve medical device security, the HHS Office of the Inspector General (OIG) is recommending that the FDA better integrate cybersecurity criteria into its premarket review process for medical devices. In a report released Sept. 10,...

OIG Faults Maryland for Inadequate Medicaid Data Security

by Fred Donovan

The HHS Office of Inspector General (OIG) has found that Maryland’s Medicaid data security program has failed to secure sensitive data and information systems. An OIG audit released August 14 concluded that numerous, significant...

OIG Compliance Audit Finds HHS Risk Management, IAM Issues Continue

by Elizabeth Snell

The enterprise-wide information security program within the Department of Health and Human Services (HHS) has improved, but there are still risk management weaknesses, issues with identity and access management (IAM), and problems in other...

VA Facility Lacking Security Risk Assessment, Security Controls

by Elizabeth Snell

The Veterans Services Adaptable Network (VSAN) at the Orlando Veterans Affairs Medical Center (VAMC) was not fully coordinated with the Office of Information and Technology (OI&T), which included not having a security risk assessment,...

OIG: NC Medicaid Eligibility Data Security Measures Must Improve

by Elizabeth Snell

The North Carolina State Medicaid agency (State agency) failed to meet federal requirements for Medicaid eligibility data security, according to an Office of Inspector General (OIG) report. The State agency had the Office of North...

OIG: Security Risk Assessments, Disaster Recovery Needed at Hospitals

by Elizabeth Snell

While two Indian Health Service (IHS) hospitals had increased system security and physical controls surrounding prescription drug and opioid disbursements, the Office of Inspector General (OIG) still determined that more improvements...

Information Technology, Cybersecurity Issues Common in OIG Areas

by Elizabeth Snell

Cybersecurity issues and information technology issues are both common in numerous areas that the Office of Inspector General (OIG) plans to focus on, according to the latest OIG semiannual report to Congress. OIG wants to keep working on...

Evolving Cybersecurity Threats, Protecting Data Top HHS Challenges

by Elizabeth Snell

Adequately addressing the industry’s current cybersecurity threats is a key aspect to one of the major management and performance challenges for HHS, the Office of Inspector General determined in its annual report. OIG’s 2017...

Alabama Medicaid Data Security, Information Security Can Improve

by Elizabeth Snell

Alabama's Medicaid Management Information System (MMIS) had an adopted security program, but there were still potential vulnerabilities stemming from lacking Medicaid data security, according to a recent OIG...

OIG Notes NC Potential Medicaid Data Security Vulnerabilities

by Elizabeth Snell

The North Carolina State Medicaid agency (State agency) did not implement necessary information system general controls to ensure proper Medicaid data security measures, according to an OIG report. The State agency contracts with CRSA,...

New Mexico Medicaid Data Security Requires Improvements

by Elizabeth Snell

The New Mexico Human Services Department (HSD) has certain vulnerabilities in its Medicaid data security, which could put HSD operations at risk, according to a recent OIG investigation. HSD migrated from a legacy eligibility system to...

OIG Stresses Information Security, Data Integrity for 2017

by Elizabeth Snell

Improving data integrity and information security measures were just two of the areas noted in the recent OIG Semiannual Report to Congress. “With the sheer amount of data and its complexity, however, the Department continues to...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...